Privacy Policy

What is the purpose of this document?

Burts is committed to protecting the privacy and security of your personal information. This Privacy Notice describes how we collect and use personal information about you and applies to everyone whose personal data we process in our capacity as “data controller”, with the exception of our employees, workers and contractors.

We are Burts Potato Chips Limited. We are registered in England with company number 02665660 and our registered office address is The Klamp House, Belliver Way, Roborough, Plymouth PL6 7BP. Our Data Protection Manager is Mike Cosby. If you have any questions about this Notice, please call us on 0800 023 7404, e-mail us at HR@burtschips.com or write to the above address.

This Privacy Notice also applies to data processed by any subsidiary company of Burts or subsidiary of that subsidiary (as defined in section 1159 of the Companies Act 2006) (together the Group) including Savoury & Sweet Ltd (S&S), which is registered in England with company number 07734801 and whose registered office address is 65 Lewisher Road, Leicester LE4 9LR. All references to Burts in this Privacy Notice are references to Burts and / or S&S and / or any other subsidiary of Burts, as applicable.

This notice is not contractual and we may update it at any time. This version is effective from 24 May 2018.

Our collection, use and transfer of your data

General stakeholders

We collect information about many people, mainly in the form of contact details (name, job title, organisation, address, e-mail address and telephone number, as well as other information from e-mail signatures and footers) of people interested in our products, customer contacts and potential customer contacts, supplier contacts and potential supplier contacts, individual consumers and other stakeholders. This information is usually provided directly from you and may be used for the legitimate interest of communicating with you in relation to specific issues or products that you are involved in, or matters that you might be able to assist with. We may also contact you to keep in touch or make introductions.

We also obtain information about you, such as your name, contact details and anything you include in the message, when you make an enquiry through our website.

We keep the details of any complaints for our legitimate interest in trying to improve our business.

Job applicants

If you apply for a job with us, we will keep your name, contact details, current salary, covering letter and CV for up to six months and may use these to contact you about applicable jobs.

Shareholders

We use the contact details of our shareholders to send them updates about the business and their investment in it as well as agreements, resolutions and documents relevant to their shareholding. We also provide their name and shareholding details, as well as the name, home address, service address, date of birth, occupation and nationality of directors, to Companies House.

Onsite visitors

CCTV systems monitor our Burts car park in Plymouth and our S&S office in Leicester 24 hours a day. This data is recorded, kept for up to 24 months and may be used for the purpose of security for our employees, clients and other guests and may be provided to the Police if requested, all of which is a legitimate interest and in the public interests of safety.

We keep a record of the names and organisations of all our visitors, to ensure that we can account for everyone in the premises in the event of an emergency. Names are displayed on visitor badges and the accompanying visitor passes log entry and exit to different areas of the premises. If you choose to use our guest wifi network, your use of this will be recorded for security reasons. Photographs of your visit may be taken for our own security but will not be used in marketing materials without your consent.

Organisations that may see your data

Our banks, accountants, auditors and insurers are also entitled to obtain specific data on request as part of our compliance checks and legal obligations, although they rarely need specific personal data.

Our IT and marketing support and office management system providers have access to all data on our systems to provide their services to us for legitimate interests. We use Microsoft Office 365 for our e-mail exchange, for which the data is stored in the UK. We only allow our third-party service providers to use your personal data for specified purposes and in accordance with our instructions.

Marketing Correspondence

We also collect data you provide as part of promotional campaigns and competitions. This data will be collected and used for the specific purpose of that campaign or competition and only added to our general marketing list if you consent to opt-in to this.

We only send marketing correspondence (whether about us or our products, or a third party or their products) to people to have specifically opted in to this. This may relate to new products, special offers or other information that we think you might find interesting. If you wish to opt out at any time, please contact us on 0800 023 7404 or at marketing@burtschips.com or write to us at Marketing, Burts Potato Chips Limited, The Klamp House, Belliver Way, Roborough, Plymouth PL6 7BP.

We use MailChimp and Pure360 to send marketing correspondence. MailChimp is US based but there are adequate safeguards in place as they are self-certified to the Privacy Shield. Pure360 is operated by Purepromoter Limited and backed up in the UK. They are both data processors and so can only process your data in accordance with our instructions.

Special category personal data

“Special categories” of particularly sensitive personal information, being data relating to racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data for identifying people, health information and data concerning sex life or sexual orientation, require higher levels of protection.

We do not envisage using collecting any special category data except where your health information (such as the need for wheelchair access) is useful to ensure your safety whilst you are at our premises.

Criminal convictions

We will not store or use information about any criminal convictions and offences, unless you have provided your consent to it.

Legal claims

Any personal data may be held and used for establishing, exercising or defending legal claims.

Our Group

We may share your personal data with companies within our Group if there is a legitimate interest in doing do, such as shared resources.

Future sale

We may share your personal information in the context of our legitimate interests in a possible sale or restructuring of the business. In this situation we will, so far as possible, share anonymised data with the other parties before the transaction completes. Once the transaction is completed, we will share your personal data with the other parties if and to the extent required under the terms of the transaction.

Use of our website

A cookie is a small file that asks permission to be placed on your computer’s hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.

We use traffic log cookies to identify which pages are being used. This helps us analyse data about web page traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.

Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.

You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.

Our website is hosted by Layershift Limited, who – as one of our data processors – can only process your data in accordance with out instructions. This uses a cloud-based system backed up in the UK.

Our website may contain links to enable you to visit other websites of interest easily. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information that you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.

Transferring information outside the EU

We use MailChimp to send some marketing correspondence. It is US based but there are adequate safeguards in place as they are self-certified to the Privacy Shield.

This is the only situation in which we transfer personal data outside the EU.

Right to withdraw consent

In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact us on 0800 023 7404 or at HR@burtschips.com. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.

If you fail to provide personal information

If you fail to provide certain information when requested, we may not be able to continue our professional relationship, depending on the specific data, why we need it and what risks the provision of it poses to your rights and freedoms. For example, if a supplier fails to provide contact details of its finance department or the details needed for payments, we may not be able to pay them.

Change of purpose

We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so. Please note that we may process your personal information without your knowledge or consent, where this is required or permitted by law.

Automated decision-making

Automated decision-making takes place when an electronic system uses personal information to make a decision without human intervention. You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making, unless we have a lawful basis for doing so and we have notified you.

Data security

We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

How long will we use your information for?

General stakeholders

We will hold your personal data until we are satisfied that there is no longer any purpose for retaining it. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

Marketing data

We keep our general marketing database on an on-going basis but if you wish to be removed from this database, please contact us on 0800 023 7404 or at marketing@burtschips.com. Marketing data for specific campaigns or competitions are retained for two years and then deleted, unless we have any specific and lawful reason to keep it longer.

Job applicants

If you apply for a job with us, we will keep your name, contact details, current salary and CV on file for up to six months, although we may delete it before then if we do not anticipate any need for recruitment applicable to you within this time.

Anonymisation

In some circumstances we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you.

Rights of access, correction, erasure, and restriction

You have a number of rights under the GDPR:

  • the right to access personal data we hold;
  • the right to ask us to rectify or complete our records;
  • the right to ask us to delete personal data;
  • the right to object to us processing your personal data;
  • the right to restrict our processing; and
  • the right to ask us to transfer your personal data to another organisation.

These are not absolute rights and are subject to specific conditions and depend on our processing purposes. If you are interested in using any of these rights, please contact us on 0800 023 7404 or at HR@burtschips.com for more information.

In most situations, you will not have to pay a fee to access your personal information (or to exercise any of the other rights).

Please inform us of any changes

It is important that the personal information we hold about you is accurate and current. Please contact us on 0800 023 7404 or at HR@burtschips.com if your personal information changes during your relationship with us so that we can update our records.

Complaints

If you are unhappy with any aspect of our processing of your personal data, we ask that you contact us on 0800 023 7404 or at HR@burtschips.com first and discuss your concerns with our Data Protection Manager. If you are not satisfied with the outcome, you may lodge a complaint with the Information Commissioner’s Office, the UK supervisory authority for data protection issues. Information about how to do this can be found on their website at https://ico.org.uk/for-the-public/raising-concerns/.